BSC, Ethereum DeFi Projects Hit in $14.4M Hack
Dego Finance confirmed that its private key had been compromised.
- An unknown hacker drained $14.4 million from Dego Finance and Cocos-BCX last night.
- Dego confirmed the attack in an update and denied that it was an inside job.
- The nature of the attack suggests that Dego and Cocos-BCX may be run by the same team.
Share this article
An unknown attacker targeted two crypto projects, the Binance Smart Chain-based protocol Dego Finance and Ethereum-based GameFi project Cocos-BCX last night, making off with about $14.4 million worth of digital assets.
Hackers Bag $14.4M in Latest DeFi Attack
Dego Finance and Cocos-BCX both suffered an exploit last night.
According to security firm PeckShield, an unknown hacker successfully drained around $14.4 million from the liquidity pools for the projects on Uniswap and PancakeSwap. The incident occurred Wednesday at around 23:30 UTC. The hacker’s Binance Smart Chain currently contains around $9.6 million worth of BNB, Binance-pegged ETH, and other assets, while their Ethereum wallet holds roughly $4.8 million. The majority of the funds were drained from Dego Finance, the better known of the two projects.
Dego aims to be a “lego” of the decentralized ecosystem, giving users a way to gain exposure to the burgeoning DeFi and NFT niches. It has its own NFT ecosystem and a token called DEGO. Cocos-BCX is a “GameFi enabler” built on Ethereum. It focuses on supporting emerging GameFi projects through incubating, investing, and community building.
The hacker was able to steal the funds from the projects after a private key was compromised, the Dego team told PeckShield. The team added that the hack was not a “rug pull”—a common practice in the DeFi world in which project teams, usually those who stay anonymous, disappear with investors’ funds or remove liquidity so that the native token price tanks to zero.
Announcing the exploit on Twitter early Thursday, the Dego team confirmed that it had asked cryptocurrency exchanges to close deposits for its DEGO token in order to prevent the hacker’s ability to profit off their liquidity. In a separate post, the team informed the community that it was working with security teams “to identify the hacker and retrieve loss.” Cocos-BCX, meanwhile, is yet to share an update on the hack through its official channels.
Following the hack, DEGO crashed. According to data from CoinGecko, it plummeted from $4.50 to $3.81 and is now trading at $4.06 at press time, down about 11.4% on the day. COCOS, the native token for Cocos-BCX, had a milder drop of 3.4%, putting its current trading price at $1.54.
Commenting on the attacks, PeckShield founder and CEO Xuxian Jiang told Crypto Briefing that it was possible the admin keys for both projects were secured on a single system that got compromised, such as a laptop. If true, this means the two projects may have been run by the same team. However, Crypto Briefing had not received a response at the time of publishing this article to verify the claim.
The latest DeFi attack comes only a few days after a widely-publicized hack on Wormhole, in which $322 million in ETH was stolen from the Solana to Ethereum bridge. The $322 million loot made it the second biggest DeFi attack ever.